MDKSA-2003:034-1

Package name

rxvt

Date

2003-04-03

Advisory ID

MDKSA-2003:034-1

Affected versions

9.1 i586

Problem description

Digital Defense Inc. released a paper detailing insecurities in various terminal emulators, including rxvt. Many of the features supported by these programs can be abused when untrusted data is displayed on the screen. This abuse can be anything from garbage data being displayed to the screen or a system compromise. Update: The packages for Mandrake Linux 9.1/PPC were not GPG-signed. This has been fixed and as a result the md5sums have changed. Thanks to Mark Lyda for pointing this out.

Updated packages

9.1 i586

 cbd7fca3e466725c68b35322497e4ca5  ppc/9.1/RPMS/rxvt-2.7.8-6.1mdk.ppc.rpm
27f39cbb495e3441c6f7cda9abea8bb5  ppc/9.1/RPMS/rxvt-CJK-2.7.8-6.1mdk.ppc.rpm
988e6334df9840fccbdc5e858af87560  ppc/9.1/RPMS/rxvt-devel-2.7.8-6.1mdk.ppc.rpm
9f5c2791c045dc64fd2671f1a12428a7  ppc/9.1/SRPMS/rxvt-2.7.8-6.1mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0022
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0023
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0066
• http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2